Security News

Malicious Android apps have a habit of sneaking their way into the Google Play store without getting caught by the usual security protections. A collection of more than 20 apps found by security firm Kaspersky on Google Play pretended to be Minecraft mods but were actually adware.

Fans of the popular Minecraft video game are in the crosshairs of cybercriminals, who have loaded up Google Play with scam apps bent on fleecing players out of cash. According to researchers, the mobile apps for Android fool users into spending hundreds of dollars per month, by offering skins, wallpapers and game mods for Minecraft and other games at super-premium prices.

Despite Google's best efforts to keep Android users safe, malware does manage to slip into Google Play from time to time, and the 21 malicious apps that Avast identified recently are proof of that. The offending applications appear to have been downloaded roughly 8 million times before being discovered.

The White Ops team of researchers, including Cirling, Michael Gethers, Lisa Gansky and Dina Haines, - who named the investigation "RAINBOWMIX," inspired by the 8-16 bit color palate running throughout the retro game apps - found that these fraudulent apps were downloaded more than 14 million times by unsuspecting users. "Most of the RAINBOWMIX apps have a"C-shaped rating distribution curve," the team reported.

Google has announced two new security initiatives: one is aimed at helping bug hunters improve the security of various browsers' JavaScript engines, the other at helping Android OEMs improve the security of the mobile devices they ship. "JavaScript engine security continues to be critical for user safety, as demonstrated by recent in-the-wild zero-day exploits abusing vulnerabilities in v8, the JavaScript engine behind Chrome. Unfortunately, fuzzing JavaScript engines to uncover these vulnerabilities is generally quite expensive due to their high complexity and relatively slow processing of input," noted Project Zero's Samuel Groß.

Google is taking the step of prohibiting "Stalkerware" in Google Play, along with apps that could be used in political-influence campaigns. Google also specified that any consent-based tracking-related apps distributed on the Play Store must comply with certain parameters.

Researchers have discovered more than 300 apps on the Google Play Store breaking basic cryptography code using a new tool they developed to dynamically analyze it. The research sheds new light on how easy it is for popular mobile apps-the ones analyzed had from hundreds of thousands of downloads to more than hundreds of millions-to break basic security rules, researchers noted in their work.

Google has deleted six apps from its Google Play marketplace that were infecting users with the Joker malware. As of Wednesday, Google confirmed with Threatpost that all infected applications have been removed from Google Play, but researchers said that they are still installed on the devices of their users, and urged users to immediately delete the apps.

A new campaign of malicious photo apps on Google Play floods Android devices with random ads instead of functioning as advertised. One of the hallmarks of the app is that once it's downloaded, it plays "Hide and seek" with the device, with the icon disappearing from the home screen, forcing users to go into the Settings menu to find the app if they want to see if it's been installed or open it.

A new variant of the infamous Joker malware has once again made it onto Google Play, with Google removing 11 malicious Android applications from its official app marketplace, researchers disclosed Thursday. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people."